0day And Hitlist Week 01102024 Work [2021]

On October 3rd, a security researcher in Vietnam uploaded a proof-of-concept for an authentication bypass affecting enterprise web applications built on ZK (a popular Java framework for ERP systems). The vulnerability allowed unauthenticated attackers to execute arbitrary code via crafted serialized objects in the RMI binding.

In an incident disclosed in January 2024, the "Midnight Blizzard" group (Russia-aligned) gained access to corporate email accounts of senior leadership.

At the start of the week, a type confusion in the Turbofan JIT compiler (Issue 41497621) was being actively exploited in the wild. The hitlist for this 0day specifically included financial auditors and crypto wallet users. The exploit bypassed the V8 sandbox by confusing the compiler about a JSTypedArray object’s length. A simple Array.prototype.map call on a malicious website was enough to execute shellcode.